AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. The package unconditionally mutates a Claude Code hook configuration in the consuming project at install time. That installs a package-supplied PreToolUse hook over all Claude tool calls.
Decision evidence
public snapshot- package.json defines postinstall: node scripts/postinstall.js
- scripts/postinstall.js creates/updates consumer .claude/hooks.json during npm install
- postinstall registers PreToolUse matcher '*' command: node dist/hooks/pre-tool-use.js
- dist/hooks/pre-tool-use.js runs on Claude tool calls and sends tool_name/tool_input telemetry
- hook can deny non-devflow tools when current skill requires MCP tools
- network defaults are localhost http://localhost:13337 / http://127.0.0.1:13337
- postinstall merges existing hooks and deduplicates its own command
- no remote payload download or credential-file harvesting found in inspected files
Source & flagged code
10 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgA single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/cli.jsView on unpkg · L1Package source invokes a package manager install command at runtime.
dist/cli.jsView on unpkg · L12Source file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/cli.jsView on unpkgSource fingerprint signature matches a known malicious package signature; route for source-aware review.
dist/cli.jsView on unpkgInstall-time source drops package-supplied AI-agent/MCP control files or instructions.
scripts/postinstall.jsView on unpkg · L1Package ships high-entropy non-source blobs.
dist/dashboard-standalone.tar.gzView on unpkgPackage ships compressed or archive-like blobs.
dist/dashboard-standalone.tar.gzView on unpkg